Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 4.1.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
Fedoraproject Fedora 36
8.8
CVSSv3
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
8.8
CVSSv3
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Moodle Moodle 4.1.0
Moodle Moodle 4.1.1
8.2
CVSSv3
CVE-2023-23923
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote malicious user to gain unauthorized access to otherwise restrict...
Moodle Moodle 4.1.0
Moodle Moodle
6.5
CVSSv3
CVE-2023-28330
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.1
CVSSv3
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.1
CVSSv3
CVE-2023-28332
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.1
CVSSv3
CVE-2023-23922
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnera...
Moodle Moodle 4.1.0
Moodle Moodle
6.1
CVSSv3
CVE-2023-23921
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in cont...
Moodle Moodle 4.1.0
Moodle Moodle
4.3
CVSSv3
CVE-2023-28334
Authenticated users were able to enumerate other users' names via the learning plans page.
Moodle Moodle 4.0.0
Moodle Moodle 4.1.0
Moodle Moodle
Moodle Moodle 4.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »